Remarks

Claims 1-8, 10-14, 16-19 have been amended and claims 9, 15 have been cancelled, in order
to further the prosecution of the present application. Applicant reserves the right without prejudice
to prosecute the subject matter of the originally filed claims 1-19 in subsequent continuation
application(s). No new claims have been added.

The Examiner has rejected Claims 1-19 under 35 U.S.C. 103(a) as being obvious under
United States Patent No. 6,324,648 issued to Grantges ("Grantges") in combination with United
States Patent No. 6,085,227 issued to Edlund et al. ("Edlund"). Applicant responds to this rejection
as per the discussion below.

In summary, in view of the below discussion, Applicant can find no motivation other than
what is disclosed in Grantges for having a firewall within Edlund and in that case, the proposed
combination would not teach placing a firewall between the proxy server and the polling server of
Edlund. Even if one ignored the motivation provided and placed the firewall of Grantges between
the servers 104 of Edlund (something Applicant believes is their claimed invention and is not
supported by anything other than impermissible hindsight), the proposed combination is not
supportable by the teachings of Grantges and Edlund. Further, if such lack of support is ignored then
the proposed combination still would not work as (the polling operation) originally intended by
Edlund.

Grantges' Teaching

As mentioned in Applicant's earlier response (filed on May 4, 2005), Applicant is of the
understanding that Grantges teaches a system which provides authenticated access (through a secure
connection) from a client computer over an insecure, public network to one of a plurality of
authorized applications hosted by destination servers on a private, secure network. This authorized
access is done through use of a client-side digital certificate. Grantges further teaches a firewall
disposed between the insecure public network and the private, secure network (Column 5, lines
40-43), where Applicant emphasizes for the following discussion that the public network is deemed
"outside" the firewall and the private network is deemed "inside" the firewall. Grantges further
teaches that a proxy server outside the firewall intercepts messages from the client computer destined
for the destination servers, and forwards the intercepted messages through the firewall to a gateway
server associated with the destination servers. Grantges also teaches that the proxy server receives
messages from the gateway server containing application data sent from the authorized applications
via the secure connection for receipt by the requesting client computer. Applicant emphasizes that
the data in the messages is sent through the firewall, from inside to outside the firewall. In general,
Grantges teaches the proxy server actively routes and forwards/receives messages through the
firewall in real-time by the creation of the active two-directional ports (e.g. connections 54 and 56).

Accordingly, in view of the above, Applicant respectfully submits that the correct
interpretation of Grantges' teachings is a secure connection is set up between the proxy server and
the application gateway server, such that the secure connection is initiated when the proxy server
sends a request through the firewall for connection to the application gateway server, and then a
subsequent handshake communication occurs between the proxy server and the gateway server. This
handshake involves the exchange and authentication of each server's digital certificate followed by a
setup of the secure connection in response to the authorization (see Figures 1 and 2). Also, as
mentioned in Applicant's response filed on May 4, 2005, the secure connections and data
communication thereon described by Grantges are initiated and established by the client computer
(column 8 lines 16-28 and lines 47-53) from outside the firewall and not through any internally
initiated actions from inside the firewall by the application gateway server.

In view of the above, Applicant is confused by the Examiner's statement that the step of the
"polling server being configured for polling the proxy server to pull the received data across the
firewall" is disclosed in Figure 1 of Grantges. Applicant has found no mention within Grantges of a
polling operation across the firewall by the application gateway server in order to retrieve data from
the proxy server outside the firewall. Applicant invites the Examiner to provide further details as to
why Figure 1 of Grantges, taken in context of the whole disclosure of Grantges, purports to
adequately describe polling operations for data retrieval.

Edlund's Teachings

The Applicant has further reviewed the specification of Edlund and the following
observations are noted. Edlund teaches a method and system for operating remote devices in
real-time, specifically scientific instruments such as a tunneling microscope, over the Internet. It should
also be noted that Edlund discloses a system that allows "any user on the Internet, who has sufficient
access privileges, to execute commands on a remote device in real-time" (Col. 1, lines 37-39), and
more specifically Edlund provides "real-time access to remote devices, such as scientific
instruments, using the Internet" (Col. 1, lines 25-28). The commands to operate such remote devices
106 are originated from client computers 102 and are processed on an intermediate machine (proxy
server computer 104). The user manager 114 of the proxy server 104 may accept/deny commands
and the session manager further controls user access capacities. Upon receiving authorization, the
command from the user is passed to the task manager 120 of the proxy server, which proceeds to
translate the commands into device-specific sub-commands. The translated commands are then
stored by the task manager within a priority queue 126; the priority queue is for helping to prevent
overload of commands to a slow remote device. The device server computer (second reference to
104) then polls the priority queue 126 and receives one command at a time from the proxy server
104; the commands are then passed to the remote device 106 for subsequent execution.

Thus, the Applicant submits that Edlund describes an unsecured polling operation between
the proxy server and the device server. In response to the poll request, the device server pulls one
command at a time from the priority queue, for transmitting the retrieved commands to the remote
device for execution in real-time. Applicant submits that the real-time environment teachings of
Edlund require unhindered communication between the proxy server computer 104 and the device
server computer 104, something which would be problematic with the addition of a firewall located
there-between as further discussed below.

Currently Amended Main Claims 

Applicant has amended independent claims 1 and 3 of the present application as follows:

1. (currently amended) A secure network resource access system for facilitating access to a
network resource printer located behind a firewall, the secure network resource access system
comprising:

a proxy server located logically outside the firewall for receiving printing data from a data
source located outside the firewall, the proxy server having a queue for storing the received printing
data, the printing data being associated with the network printer; and

a polling server located logically behind the firewall, the polling server being configured for
polling the proxy server to pull the received printing data across the firewall from the queue of the
proxy server to the polling server.

3. (currently amended) A method for facilitating secure access to a network resource printer
located behind a firewall, the method comprising the steps of:

storing received printing data in a queue of a proxy server, the received printing data from a
data source located outside the firewall and being associated with the network printer; and

polling the proxy server located logically outside the firewall by a polling server located
logically inside the firewall, the polling being to pull across the firewall the received printing data
from the queue of the proxy server to the polling server.

Support for these amendments can be found at page 2, paragraph [0024] in the present
application:

"The polling server 116 is in communication with the enterprise server 118, and is
configured to periodically poll the proxy server 114 through the firewall to determine
whether application data from a network terminal 200 is waiting in the queue of the proxy
server 114. The proxy server is configured to transmit any queued application data to the
polling server 116 in response to the poll signal from the polling server 116."

and at page 2, paragraph [0022]: 

"Typically, each network resource 104 comprises a printing device, and in
particular, an IPP-compliant printer."

and at page 3, paragraph [0027]: 

"...the resource type field 304 may specify that the network resource 104 is a
printer..."

Combination Proposed by the Examiner

Based on the above discussion, Applicant provides below the combination proposed by the
Examiner. In general, the Examiner has stated that "polling server being configured for polling the
proxy server to pull the received data across the firewall is disclosed in Figure 1 of Grantges, other
than the step of pulling the received data from the proxy server which is disclosed in Edlund".

Further, the Examiner has stated that "would have been obvious to one of ordinary skill in the
art at the time the invention was made to take the teaching of Edlund related to a proxy server having
therein a queue for queuing received data/request and a polling server polling the queued data at the



Appl. No. 09/926,436

Amdt. dated April 25, 2006 

Reply to Office Action of Aug. 10, 2005 

proxy server and have modified the teachings of Grantges related to access control of network
resources in order to prevent a network resource from getting overloaded with too many commands
or request data" (as disclosed in Edlund). Applicant respectfully submits that this is not quite the
case in view of Applicant's comments on the lack of support in Grantges for polling operations, and
therefore Applicant interprets the Examiner's proposed combination to be:

a) proxy server and gateway server networked together (Grantges); 

b) firewall between the proxy server and gateway server (Grantges); 

c) printing data and network printer (only inferred from Grantges and Edlund); 

d) polling operations to get data between two servers (Edlund); and

e) a queue for storing the data (Edlund). 

Applicant does not agree that the above proposed combination makes obvious the current
claims of present application. Applicant submits that based on the above presented characterization
of Grantges and Edlund, Applicant's system and method claims are patentable over the teachings of
Grantges and Edlund, either taken alone or in combination, as discussed above. In specifics:
Grantges does not teach polling and therefore does not show a firewall positioned between a polling
server and a proxy server; Edlund remains silent on the of and Grantges and Edlund
do not teach the use of network printers and the manipulation of printing data over a
network. Therefore based on the above presented arguments and discussion, Applicant submits that
the currently amended claims are allowable over the cited prior art references, which do not contain
any support for the motivation to combine them.

However, if the above is not convincing to the Examiner, the following demonstrates how
any conceived motivation to combine the teachings of Grantges and Edlund is contrary to the
teachings themselves.

Intent of Grantges and Edlund Teachings

Applicant submits Edlund is specifically directed to processing of commands for controlling
remote devices and Grantges is directed to authorizing access and communication between a client
computer and the authorized applications as initiated by the client computer through an application
gateway server. Edlund does not teach or suggest a firewall disposed between the polling server and
the proxy server as claimed by the Applicant. Therefore, the only support to combine the teachings
of Edlund and Grantges must come from the firewall as taught by Grantges.

The firewall 32 disclosed within Grantges is disposed between an insecure public network
26 (i.e. the Internet) and a secure private network (Abstract; Column 5, lines 40-43). Thus, when
straightforwardly combining the teachings of the firewall of Grantges system for the Edlund system,
the resulting scenario would be the firewall located between the public network 100 (Fig. 1, Edlund)
and the proxy server computer 104. Applicant would like to note that this firewall location as taught
by Grantges is contrary to a location between the proxy server computer 104 and the device server computer
104 used to perform the polling operations highlighted by the Examiner.

Accordingly, Applicant believes that the proposed Grantges-Edlund combination of the
Examiner is contrary to the current claims by the Applicant as the claimed firewall allows the polling
server located behind the firewall to securely poll the proxy server located outside the firewall to
determine whether any application printer data from a data source is waiting in the queue of the
proxy server. The proxy server then submits any queued application data to the polling server in
response to the poll signal from the polling server. As described on page 2, paragraph [0024] of the
present application: "this mechanism allows application data to be transmitted to network resources
104 located behind a firewall, but without exposing the enterprise to the significant possibility of
security breaches associated with firewall access ports." Even this is fundamentally different to the
meaning of the Grantges firewall, where the proxy server actively routes and forwards messages
through the firewall in real-time by the creation of the active two-directional ports (e.g. connections
54 and 56).

Further support for the lack of motivation to combine the firewall of Grantges with the
system of Edlund can be found within Edlund on Col. 3, lines 20-25 where it states that "For
example, the functions of the proxy server computer 104 and the device server computer 104 could
be performed by a single server computer. Moreover, a client/server architecture is not required,
and the present invention could be completely implemented on a single computer, such as a
workstation". Thus it would be contrary to the teachings of Edlund to provide a firewall between the
proxy server 104 and the device server 104, particularly when both servers could be implemented on a
single computer.

The Applicant respectfully submits that in a system for providing commands in real-time to a
remote device as that described by Edlund, it would not be obvious or even desirable to provide a
firewall that would be open only during the polling operation between the proxy server and the
polling server as claimed by the Applicant. Such a firewall used in Edlund would in fact introduce
latency and deteriorate the performance of the real-time operation desired for real-time instrument
control in Edlund.

Further, the Applicant notes the Examiner's rejection of dependent claims 2, and 4-19 of the
present application but considers this rejection moot in view of the above-noted amendments and the
discussion of amended independent claims 1 and 3. Thus the Applicant respectfully requests
favourable reconsideration of the present application.

It is believed that the above remarks and amendments submitted herein have placed this
present application in condition for allowance, and a Notice thereof is requested. Further, Applicant
submits that no new matter has been introduced into the subject application by the foregoing
amendments. If the Examiner has further concerns, he is encouraged to contact Applicant's
undersigned agent at 416-862-4318. All correspondence should continue to be directed to listed
address shown below.




GOWLING LAFLEUR HENDERSON LLP
Suite 4900
Commerce Court West
Toronto, Ontario
Canada M5L 1J3
Facsimile: (416) 862-7661

Respectfully submitted,

Grant Tisdall
Agent for Applicants
Registration No. 53,902